[Governance] Formal Complaint Against Josh Sokol

Josh Sokol josh.sokol at owasp.org
Thu May 15 15:59:09 UTC 2014


>
> I never made contact with Norman Hue neither is he the subject of this
> complaint.
>

>
The correct course of action would have been to directly contact
> Norman offline and inform the OWASP-Leaders Mailing List to desist
> from further discussion of this matter if a continued discussion
> develops.
>

Norman says differently in the e-mail Christian referenced earlier.  "*I've
recently returned to my day job from a period of leave, and upon **checking
my email, I was most pleasantly surprised to find an email **regarding our
good friend cmlh. Apparently, he has some kind of subpoena **against
OWASP?"*  If Christian says he never contacted Norman, then perhaps I
misunderstood "find an email regarding our good friend cmlh" to mean that
Christian contacted him instead of him meaning that he read another e-mail
related to the matter.  If I misinterpreted, then I'm sorry.  I thought
that you had carried out the action that you had threatened us with
mid-April.  If that is the case, then I'm not sure where the information
Norman references would have come from, but it didn't come from me.  I'd
maintain that I did not disclose anything in my response that hadn't
already been disclosed publicly at the time and I would still request that
Christian provide a specific example of the breach of confidentiality with
which I am accused.

While I can appreciate Christian's perspective on what my correct course of
action should have been, my fiduciary duty is to protect the OWASP
Foundation, and Christian's continued harassment of OWASP members is of the
utmost concern.  I'd much rather our members know that they have rights and
that the Board stands behind them, rather than allowing Christian to bully
them into submission.

Your autoresponder makes no attempt to discern the contents of the
> e-mail correspondence and shows a complete lack of respect and dignity
> towards the person who sent the e-mail.
>
> The correct course of action would have been to respond with the legal
> instructions only if it is relevant to the contents of the e-mail
> which in this case it clearly is not.
>

Christian is correct that my autoresponder does not attempt to discern
contents.  It was put in place (for me) after telling Christian NINE (9)
times that I would not provide him with the information he was seeking to
maintain confidentiality unless a subpoena was issued to obtain it.  At
least two of these were after I had explicitly told Christian that his
contacting myself and other OWASP members was perceived as harassment and
after asking him to refrain from contacting me directly on this matter.  It
was done at the suggestion of OWASP legal counsel, with the support of the
Board, and instead of the OWASP Foundation filing a formal harassment
complaint against Christian.

Again, while I can appreciate Christian's perspective on what my correct
course of action should have been, my fiduciary duty is to protect the
OWASP Foundation.  His persistent harassment of myself and other OWASP
members (at least two or three others that I am aware of) is what prompted
my response.  If anyone is injuring Christian's professional reputation, it
is him through his words and actions against OWASP and it's members.  My
providing passive instructions on the proper response should they be
contacted by him on this manner, supported by OWASP legal counsel and the
Board, was by no means an attempt to injure Christian either personally or
professionally.  If it was perceived as otherwise, then I sincerely
apologize.

~josh


On Thu, May 15, 2014 at 9:17 AM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:

> Josh,
>
> On Fri, May 16, 2014 at 12:00 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> > Regarding confidentiality, I'd like to request that Christian please
> point
> > to the specific thing that I disclosed on this matter (relating to that
> > post) that wasn't already a matter of public record as a result of
> someone
> > else posting it first?
>
> I never made contact with Norman Hue neither is he the subject of this
> complaint.
>
> The correct course of action would have been to directly contact
> Norman offline and inform the OWASP-Leaders Mailing List to desist
> from further discussion of this matter if a continued discussion
> develops.
>
> On Fri, May 16, 2014 at 12:00 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> > Regarding intentionally injuring a professional reputation, I'd like to
> > request that Christian please point to how providing instructions on how
> to
> > use Google's autoresponder equates to injuring his professional
> reputation.
> > I'd also like to point out that this instruction was sent only after
> > Christian decided to contact an OWASP leader regarding a subpoena
> instead of
> > sending it through the legal channel as he was instructed to do so.  Had
> > Christian followed the process, then Norman would not have contacted the
> > leaders list, and no instruction would have been required.
>
> Again, I never made contact with Norman Hue neither is he the subject
> of this complaint.
>
> Your autoresponder makes no attempt to discern the contents of the
> e-mail correspondence and shows a complete lack of respect and dignity
> towards the person who sent the e-mail.
>
> The correct course of action would have been to respond with the legal
> instructions only if it is relevant to the contents of the e-mail
> which in this case it clearly is not.
>
>
> --
> Regards,
> Christian Heinrich
>
> http://cmlh.id.au/contact
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20140515/0b68a8d2/attachment-0001.html>


More information about the Governance mailing list